WordPress < 6.5.5 - Contributor+ Path Traversal in Template-Part Block

2024-06-2500:00:00

wpscan.com

wordpress

path traversal

template part block

windows servers

file reads

7.2 High

AI Score

Confidence

High

JSON

Description WordPress does not properly escape the “file” attribute in the “Template Part block” allowing high-privileged users to perform Path Traversal on Windows servers, leading to arbitrary File Reads.

CPENameOperatorVersion
654eq6.5.5
654eq6.5.5
654eq6.5.5
654eq6.5.5
654eq6.5.5
654eq6.4.5
654eq6.4.5
654eq6.4.5
654eq6.4.5
654eq6.4.5

Name	Operator	Version
654	eq	6.5.5
654	eq	6.5.5
654	eq	6.5.5
654	eq	6.5.5
654	eq	6.5.5
654	eq	6.4.5
654	eq	6.4.5
654	eq	6.4.5
654	eq	6.4.5
654	eq	6.4.5

Rows per page:

1-10 of 4811

References

wordpress.org/news/2024/06/wordpress-6-5-5/

7.2 High

AI Score

Confidence

High

JSON